Protecting yourself and your organization from ransomware

There was a time in Nigeria when kidnapping was the order of the day. Recently we have heard of high-profile kidnappings where the abductors would take innocent people and demand a ransom from their family members and loved ones before releasing them. It may interest you to know that cybercriminals have designed mechanisms whereby they can also “kidnap” your critical information and demand a ransom to get it released.

Ransomware is software that attackers use to encrypt, or lock, your information, making it unreadable and unusable. The attackers then demand that a ransom be paid before they release the information. It is a criminal business model that has proven extremely profitable, as some of the advanced actors stand to make millions of dollars from the ‘trade’. What makes it very effective is the lack of a backup system, which raises the chances that the victim will consider paying the ransom.

Ransomware has been in existence for several years, but according to an article released by the FBI in April 2016, there has been a sharp increase in the number and variants of ransomware affecting organizations around the world, more so in Nigeria between 2015 and 2016. Some of the common variants include CryptoLocker, 7ev3n, Locky, Jigsaw, Samsam, Rokku, KeRanger, Cerber and WannaCry, the ransomware that hit individuals and organizations in about 100 countries on 12 May 2017.

The experience of a ransomware lockdown can be frightening. A bank would not be able to provide services if all the information about its customers and transactions were no longer available. It would not have access to information about its customers' account transactions or the information needed to correctly identify them. The whole production line of a manufacturing/energy company may grind to a halt if the core systems are exposed to a ransomware attack. Other processes (e.g. inventory, supply chain) would also be adversely affected. If the core system of the central switch (i.e. for electronic transactions) of Nigeria is encrypted, e-commerce would be adversely impacted and this would affect businesses and individuals across the country. These are just some of the areas in which ransomware can cripple organisations, individuals and even a nation. Anyone is a potential victim.

Contrary to what many people think, the mode of attack for ransomware is as simple as being infected by a computer virus (which is also malicious software installed on a user's computer/device to do the attacker's bidding). Ransomware can infect victims through any of the following means:

Clicking on links in phishing emails

Opening documents in phishing emails

Clicking on erroneous links on infected websites

Downloading unlicensed software

The ransomware would be saved on the victim’s computer/device and encrypt documents in a format that cannot be read by any computer, while propagating itself to other computers within the network. In most cases, the infected systems may display more information about the ransomware and instructions on how the victim should make payment.

Even though the mode of attack for ransomware is a lot like that of the conventional computer virus, protecting oneself or one's organization from ransomware is very different from protecting against a virus. Protection from a virus may involve using antivirus software and keeping it updated; however, this approach may not be effective against ransomware. This is because many antivirus products work by comparing the signature (pattern) of all files on your system with a large database of known virus signatures.

Therefore, if a file with an unknown signature attacks your system, there is very little chance that the antivirus would detect it or clean it. Some ransomware may even encrypt or modify their own source code, making it harder for antivirus software to detect them.
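
The signature comparison described above can be seen in a few lines of Python. This is an added example, not code from the article or the report; the byte strings, the one-entry signature database and the 7.5 bits-per-byte threshold are constructed assumptions. It goes one step beyond the text by also measuring how random a file's contents look, a check that does not depend on having seen the file before.

```python
import hashlib
import math
from collections import Counter

# Constructed, harmless stand-ins (no real malware or real signatures).
KNOWN_SAMPLE = b"constructed-sample-A: harmless placeholder bytes"
NEW_VARIANT = KNOWN_SAMPLE + b"\x00"  # same content plus one padding byte

# A signature database in its simplest form: hashes of files seen before.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# A readable document and a stand-in for its encrypted form.
PLAIN_DOC = b"Invoice 2017-05: customer account statement\n" * 100
# Deterministic pseudo-random bytes that merely look like ciphertext.
ENCRYPTED_LIKE = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)
)

def signature_match(data: bytes) -> bool:
    """Signature check: flag the file only if its hash is already known."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8 for encrypted data, lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(
        (count / total) * math.log2(count / total)
        for count in Counter(data).values()
    )

def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Content check that needs no signature (threshold is an assumption)."""
    return shannon_entropy(data) > threshold

if __name__ == "__main__":
    for name, blob in [("known sample", KNOWN_SAMPLE), ("new variant", NEW_VARIANT)]:
        print(f"{name}: signature match = {signature_match(blob)}")
    for name, blob in [("plain document", PLAIN_DOC), ("encrypted-like", ENCRYPTED_LIKE)]:
        print(f"{name}: entropy = {shannon_entropy(blob):.2f}, "
              f"looks encrypted = {looks_encrypted(blob)}")
```

Compressed files such as ZIP archives and JPEG images also score close to 8 bits per byte, so an entropy check on its own produces false alarms and is normally combined with other signals.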
